openUTM offers comprehensive, distinct, clearly structured concepts for system and data access control (authentication and authorization):
- Definition of logical access points:
  A UTM application can be configured in such a way that a client can only connect to it if a logical access point (LTERM partner) is configured for it in this application. In this case, the client must therefore be known to the UTM application.
- Definition of user IDs:
  User IDs can be defined for a UTM application. This can take place during generation, or dynamically while the application is running.
- Allocation of passwords to user IDs:
  Specific passwords can be assigned to the user IDs. You can also specify the complexity and the period of validity of the passwords and keep a history of the passwords used.
- Use of an ID card reader for system access control
- Silent alarm in the case of repeated failed attempts to log on by a user.
- Automatic timeout
- Event-driven routines for user-defined system access controls
- Subtly differentiated access authorizations:
  openUTM offers two different concepts, which each take a different angle:
  - The lock code/key code concept, which is user-oriented
  - The access list concept, which is role-oriented
  The two concepts can be used in parallel within an application.
- Password encryption and encryption of messages on the way between the client and server.
- A cross-application user concept in cases where OSI TP is used.
- Support for Kerberos on BS2000 systems (for the terminal mode)
- Definition of IP subnets:
  Restriction of the IP address range by defining IP subnets (SUBNET) for client access via LTERM pools (TPOOL).
You will find detailed information on the subject of security in chapter "Security functions".
The extensive system and data access control concepts offered by openUTM are also available when connecting UTM-Client programs and during distributed processing with other partner applications.
When coordinating with databases, the protection mechanisms of the database systems can also be used. These mechanisms are described in the documentation for the relevant database systems.
Further information on the security functions can be found under the keywords ACCESS-LIST, LTERM, KEYSET, KEYS, and LOCK in the openUTM Manuals “Generating Applications” and “Administering Applications”.